Open-Source Project Secretly Funded by CIA

It's fair to say that the interests of governments and the FOSS community
are not always aligned. That's not to say that the US government is
out to crush every FOSS project or that every FOSS user is on a secret
mission to destroy the government. Nonetheless, the relationship is
often a strained one.

So it shouldn't be surprising that the Open Source community gets a
little restless when it learns that the government has its hands in
an open-source project—particularly when we discover it's secretly
pouring money into the pockets of developers to develop features
it requires. And, when the government agency in question is the CIA—well, you can understand why some feathers are rustled.

It shouldn't be surprising to learn that the CIA is a big investor in
tech development. After all, if there's one thing we've learned
from spy movies and TV, it's that spies love their gadgets.

But although the movies may show us scenes of secret underground
laboratories, the truth is that developing technology from scratch is
expensive. Just like any large organization, the CIA usually prefers
to use an off-the-shelf solution when it's available. But what does it
do when the solution it needs isn't ready to ship? What if the team
developing the project is struggling to secure the funding it needs
to bring its product to the market?

If there's a suitable commercial project in development, the answer is
venture capital. The CIA has its own venture capital branch called
In-Q-Tel. In-Q-Tel's mission is to get
the required technology into the hands of the CIA's analysts and agents
as soon as possible. It does that by using its money to support the
R and D costs of public companies who are working on similar products.

Of course, as Silicon Valley continues to embrace open source, that means
a number of open-source projects actually are funded by the CIA.
Docker is one example of a high-profile open-source firm that was secretly
funded by the CIA.

Given the recent FBI demands to insert back doors into iPhones to "help
investigate criminals", you can understand why some privacy advocates are
worried as to how much control the CIA exerts over some of these projects.

Of course, adding a back door to Docker would be quite hit-and-miss as
a spying strategy. It seems more likely to me that the CIA wants to
steer the project to meet its own container needs. And, it could be
that the CIA is so steeped in secrecy that "covertly" funding development
is merely an extension of its modus operandi.

But even if spying on end users isn't the goal, another concern is that
projects like Docker could be steered in the wrong direction. Ideally,
the features added to Docker should reflect the needs and desires of
the community. But when a backer like In-Q-Tel starts throwing huge
stacks of money at the board to get the features it wants, there's a
real risk that genuine requests from the community will be ignored.

That said, there are cases where the community has benefited from
work by the government. Tor is an example of one such project—it was
originally developed by the US Navy. Now it's an essential privacy tool.
Whistleblowers and private citizens all over the world depend on it to
protect them from government surveillance.

And, there are cases where a lack of funding means useful open-source
tools are abandoned before they are fully developed. Often investors
are cautious to spend money on a product that will be given away for free.

What's your take on the CIA funding the development of open-source
software? Do you have concerns, or do you feel it's beneficial to
the community? Let us know in the comments area below.